Posts

Showing posts from October, 2020

What is Pen Testing or Ethical Hacking?

PEN TEST or ETHICAL HACKING? Pentesting , also known as penetration testing or ethical hacking , is a security assessment, an analysis, and  progression of simulated attacks on an application (web, mobile, or API). The objective is to penetrate the application security defenses by looking for vulnerabilities. These are usually weaknesses or flaws that an attacker could exploit to impact confidentiality, integrity, or availability. The output of a pentest is a list of vulnerabilities, the risks they pose to the application or network, and a concluding report with an executive summary of the testing along with information on its methodology and recommendations for remediation. The vulnerabilities found during a penetration test can be used to fine-tune your security policies, patch your applications or networks, identify common weaknesses across applications, and  in general strengthen your entire security posture. Hacking often refers to the unauthorized intrusion into a n...

Cross-Site-Scripting(XSS)

XSS It is one of the most common application-layer web attacks. XSS vulnerabilities target scripts embedded in a page that are executed on the client-side. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page that can be executed every time the page is loaded, or whenever an associated event is performed. XSS can be classified into 3 types 1. Stored XSS(Persistent XSS) 2. Reflected XSS 3. DOM Based XSS Stored XSS The most damaging type of XSS is Stored XSS, an attacker uses stored XSS to inject malicious content thru request payload, most often JavaScript code, into the target application. If there is no input validation this malicious code is permanently stored in DB. so, when victims opens the affected web page in a browser the it will process and execute the XSS attack. Reflected XSS This the most common type of XSS. in this case, the attackers payload has...

Test Case

What is Test Case? In software engineering, a test case is a specification of the inputs, execution conditions, testing procedure, and expected results that define a single test to be executed to achieve a particular Different types of Test Cases Functionality Test Cases Functionality test cases are used to discover if an application’s interface works with the rest of the system and its users. The tests identify the success or failure of functions that the software is expected to perform. The cases are a type of black-box testing that uses for its base, the specifications or user stories of the software under test. This allows the tests to be performed without needing access to the workings or internal structures of the software being tested. The QA team are usually the writers of functionality test cases because the task falls within normal QA processes. They can be written and run as soon as development makes a first function available for testing. To help steer development, they can...